Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.1.0 - Release Notes

Enhancements

The following is a list of enhancements implemented in SPS 6.1.

Table 1: General enhancements
Enhancement Issue ID

It is now possible to join Starling when SPS is behind an HTTP proxy using the proxy settings at Basic Settings > Network > HTTPS proxy.

 

Channel policies can now store hostnames and fully-qualified domain names in the From and Target fields. Earlier versions automatically resolved these hostnames into IP addresses and stored the IP address in the configuration. Now these hostnames are resolved for each session, so hostnames with dynamically changing IP addresses can be used. Wildcards are also supported (for example, *.example.com). For details, see "Creating and editing channel policies" in the Administration Guide.

 
   

Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues in release 6.1
Resolved Issue Issue ID

Security updates in this release:

bind9:

  • CVE-2018-5743

curl:

  • CVE-2019-5346

db5.3:

  • CVE-2019-8457

dbus:

  • CVE-2019-12749

elfutils:

  • CVE-2018-16062

  • CVE-2018-16402

  • CVE-2018-16403

  • CVE-2018-18310

  • CVE-2018-18520

  • CVE-2018-18521

  • CVE-2019-7149

  • CVE-2019-7150

  • CVE-2019-7665

ffmpeg:

  • CVE-2018-15822

  • CVE-2019-9718

  • CVE-2019-9721

glib2.0:

  • CVE-2019-12450

gnutls28:

  • CVE-2018-1084

  • CVE-2018-10844

  • CVE-2018-10845

  • CVE-2018-10846

  • CVE-2019-3829

isc-dhcp:

  • CVE-2019-6470

jinja2:

  • CVE-2019-10906

libpng1.6:

  • CVE-2019-7317

libseccomp:

  • CVE-2019-9893

linux:

  • CVE-2017-5715

  • CVE-2017-5753

  • CVE-2017-5754

  • CVE-2018-12126

  • CVE-2018-12127

  • CVE-2018-12130

  • CVE-2018-16884

  • CVE-2018-3620

  • CVE-2018-3639

  • CVE-2018-3646

  • CVE-2019-3874

  • CVE-2019-3882

  • CVE-2019-9500

  • CVE-2019-9503

mysql-5.7:

  • CVE-2019-2566

  • CVE-2019-2581

  • CVE-2019-2592

  • CVE-2019-2614

  • CVE-2019-2627

  • CVE-2019-2628

  • CVE-2019-2632

  • CVE-2019-2683

openjdk-8:

  • CVE-2019-2422

  • CVE-2019-2426

  • CVE-2019-2602

  • CVE-2019-2684

  • CVE-2019-2698

php7.2:

  • CVE-2019-11034

  • CVE-2019-11035

  • CVE-2019-11036

  • CVE-2019-11039

  • CVE-2019-11040

  • CVE-2019-9637

  • CVE-2019-9638

  • CVE-2019-9639

  • CVE-2019-9640

  • CVE-2019-9641

  • CVE-2019-9675

postgresql-10:

  • CVE-2019-10130

python-urllib3:

  • CVE-2018-20060

  • CVE-2019-11236

  • CVE-2019-11324

qtbase-opensource-src:

  • CVE-2018-15518

  • CVE-2018-19870

  • CVE-2018-19873

samba:

  • CVE-2018-16860

PAM-10262

Changing cluster roles may make the product tainted

When changing certain cluster roles, the firmware became tainted. This affected the upgrade process when the definition of a role changed between two releases, resulting in tainted firmware.

PAM-9375

Report generation can produce duplicate reports

If generating a report took more than 30 minutes, it was restarted, causing it to run twice and generate a duplicate report. This has been corrected, now report generation jobs cannot overlap to prevent processing them twice.

PAM-5477

System requirements

Before installing SPS 6.1, ensure that your system meets the following minimum hardware and software requirements.

The One Identity Safeguard for Privileged Sessions Appliance is built specifically for use only with the One Identity Safeguard for Privileged Sessions software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.

For the requirements about installing One Identity Safeguard for Privileged Sessions as a virtual appliance, see one of the following documents:

Supported web browsers and operating systems

Caution:

Since the official support of Internet Explorer 9 and 10 ended in January, 2016, they are not supported in One Identity Safeguard for Privileged Sessions (SPS) version 4 F3 and later.

Caution:

Even though the One Identity Safeguard for Privileged Sessions (SPS) web interface supports Internet Explorer and Microsoft Edge in general, to replay audit trails you need to use Internet Explorer 11, and install the Google WebM Video for Microsoft Internet Explorer plugin. If you cannot install Internet Explorer 11 or another supported browser on your computer, use the the Safeguard Desktop Player application. For details, see "Replaying audit trails in your browser" in the Administration Guide and Safeguard Desktop Player User Guide.

NOTE:

SPS displays a warning message if your browser is not supported or JavaScript is disabled.

NOTE:

The minimum recommended screen resolution for viewing One Identity Safeguard for Privileged Sessions's (SPS's) web interface is 1366 x 768 pixels on a 14-inch widescreen (standard 16:9 ratio) laptop screen. Screen sizes and screen resolutions that are equal to or are above these values will guarantee an optimal display of the web interface.

Supported browsers

The current version of Mozilla Firefox and Google Chrome, Microsoft Edge, and Microsoft Internet Explorer 11 or newer. The browser must support TLS-encrypted HTTPS connections, JavaScript, and cookies. Make sure that both JavaScript and cookies are enabled.

Supported operating systems

Windows 2008 Server, Windows 7, Windows 2012 Server, Windows 2012 R2 Server, Windows 8, Windows 8.1, Windows 10, Windows 2016, and Linux.

The SPS web interface can be accessed only using TLS-encryption and strong cipher algorithms.

Opening the web interface in multiple browser windows or tabs is not supported.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating